Title: public permissions Last modified: August 21, 2016 --- # public permissions * [funsail](https://wordpress.org/support/users/funsail/) * (@funsail) * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/) * Seeing this [http://codex.wordpress.org/Changing_File_Permissions](http://codex.wordpress.org/Changing_File_Permissions) * Why do any of the php files or folders need public read access? * “the php process runs as the owner of the php files themselves” * Doesn’t that mean NO files need public access? Viewing 6 replies - 1 through 6 (of 6 total) * [Clayton James](https://wordpress.org/support/users/claytonjames/) * (@claytonjames) * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867178) * You may need to be a little more specific (in the context of information in the article you’ve linked to). Taken at face value, and generally speaking, no “public” access would mean that your site wouldn’t be accessible to visitors. * > “the php process runs as the owner of the php files themselves” > Doesn’t that mean NO files need public access? * No. * Thread Starter [funsail](https://wordpress.org/support/users/funsail/) * (@funsail) * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867183) * all the .php files I mean, none of them are part of the site front end. eg wp- activate.php or the wp folders * And stuff like softver.txt isn’t that just a security risk showing WP version like that? * Moderator [Yui](https://wordpress.org/support/users/fierevere/) * (@fierevere) * 永子 * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867200) * .php still needs to be readable by web server (PHP interpreter, if web server is running under different account – it does NOT need access to .php) as for world – they have stub, so on direct request they are not executed. * hiding version does not seem to be reasonable too, especially if version is current, ofc if you have ancient version security by obscurity can give somewhat (questionable) protection at least vs automatic scans * Thread Starter [funsail](https://wordpress.org/support/users/funsail/) * (@funsail) * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867205) * I was thinking if wp-config.php could work with 400 and wp-includes seems fine with 711, then some other files can have reduced permissions? * I can open the file [http://site/wp-activate.php](http://site/wp-activate.php) and it gives a blank page instead of a 404, so I assume someone can attach appropriate query strings to some .php and execute something? * Moderator [Yui](https://wordpress.org/support/users/fierevere/) * (@fierevere) * 永子 * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867292) * > wp-config.php could work with 400 * yes, if owned by PHP interpreter process (if using FPM or suPHP or mpm-itk = your user account) * > wp-includes seems fine with 711 * folders only. but they dont really need such security. its just stock wordpress * > I assume someone can attach appropriate query strings to some .php and execute > something? * wrong, wordpress core needs to be loaded properly before anything can be executed, thus most of the .php files are not executed directly by wordpress, they are included and not accept any query params at all. * Thread Starter [funsail](https://wordpress.org/support/users/funsail/) * (@funsail) * [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867317) * ok so generally no need to change any perms Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘public permissions’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 3 participants * Last reply from: [funsail](https://wordpress.org/support/users/funsail/) * Last activity: [12 years, 10 months ago](https://wordpress.org/support/topic/public-permissions/#post-3867317) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics